People aren't even seeing the more serious issue here. If Microsoft implements these so-called Kerberos extensions, reverse engineering them is not what we want to be doing (regardless of legality).
Getting the IETF to make the standard more rigid is a better course of action. It forces Microsoft to adhere to certain rules if they want to claim Kerberos interoperability.
If we start the reverse engineering game with Microsoft, they will have achieved their goal -- defacto control of the Kerberos standard. They will have the ability to modify their extensions at will, thus forcing anyone who requires interoperability (e.g. Samba) to scramble to catch up.
Once Microsoft has you playing catch-up, you're right where they want you. See Netscape for details.
Nevertheless, any program where people are rewarded for turning in other people for alleged misdeeds has a KGB aura to it, no doubt.
I agree here. I'm curious why an incentive is needed at all. Most people, I think, would jump at the opportunity to turn the screws on a spammer. I think we should be concentrating on penalties for spamming, rather than rewards for turning people in.
This seems to work well enough for fax machines; email should be granted the same protection under the law. Email may be harder to trace, but offering rewards isn't going to cure that problem.
But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?
"Why should we be suspicious of the DMCA? No one's going to use it in a way we didn't anticipate, right?" Heh... granted that's an extreme but you see my point.
That last sentence really emphasizes the entire dilemma that the game industry faces with regards to Linux. How much effort should we put into widespread game support, if Linux itself is not widespread? Where do we draw the line? (I work in the game industry, so I say "we").
For many programmers, Linux is cool and making a game support it is even better. That's not enough reason for the marketing people, though. They are concerned with the bottom line. When you put 2-3 years into development for a product that stays on the shelf 6 mo - 1 year, you can see why Linux often gets ignored.
I think console games may be Linux's best ally here. Many development shops want to be able to sell their games on the consoles as well as Windows. That alone is reason enough to write portable code, which in turn can make porting to Linux easier. My company does this. No, it's not the royal treatment, but every game has to start somewhere. As long as Windows is the most widespread OS, that's what will be supported first and foremost.
Don't get me wrong - my personal view is that nuclear power's risks far outweigh the benefits, with a few limited exceptions. I mentioned burners as one possible way to help reduce the amount of waste that has ALREADY been produced. I don't think we should continue running such reactors for the long run, however.
Also keep in mind that a half-life is exactly that: the time it takes for half of the unstable nuclei to decay. It doesn't just "go away". Also, many isotopes decay into other isotopes that are still radioactive. Thus, a burner should have two goals:
- output of isotopes with much smaller half-lives than the original.
- output of isotopes which decay into non-radioactive material.
Yes, it is, and it was a major producer of the U.S. plutonium stockpile. Hanford is in Eastern Washington, which isn't terribly close to Microsoft (5 - 6 hour drive). It IS close to the Columbia river, and they have leaked radioactive material into there in the past.
Nuclear power IS risky, and there is no long term solution to waste disposal (yet). Fast breeder reactors, and breeder/burners are one potential solution. But there is great paranoia about diversion of Pu-239 to terrorists. A fast breeder (in a nutshell) can produce Pu-239 (fissionable) from U-238 (waste).
A burner is a little different. This is used to deliberately break large isotopes into smaller ones with shorter half lifes. The U.S. Congress has cancelled most funding for advanced reactor programs, although the DOE's Argonne National Lab still does some research.
Considering some of the half-lifes of certain isotopes (Pu-239 has a half life of 24,000 years or so), just burying it seems to be a ridiculous proposition. I'd much rather see funding put into burner programs which can take care of this waste in a more responsible fashion.
A short barreled shotgun, or any shotgun, is good for home defense. A pump action weapon makes noise which may scare an intruder. The spread makes it easier to hit someone in a dark room.
A sawed off shotgun is not necessarily a weapon useful to a militia. though. Due to the decreased range and wide spread, it would not (generally) be a good weapon to use in a team setting. A notable exception would be in clearing a room, but there are other weapons which would accomplish the task as well. Also, in the sort of urban combat that a militia is likely to be involved in, there is a high probability that innocent bystanders will be near. This sort of weapon has little accuracy, and high chance of hitting targets other than the intended one.
Sounds familiar, doesn't it? What happened? It got fixed. And this certainly is not the only Netscape bug that has ever surfaced.
Security problems are going to be discovered. Humans make mistakes. The key is to respond to the problems swiftly, and try not to rush products out the door without proper testing. I think both MS and Netscape were guilty of the latter for a long time.
Microsoft fixed the problem which allowed scripts to run without clicking them a long time ago.
Being curious, I followed your link. If you take the time to follow the next link (to Microsoft's hotfix), you'd see that it was taken care of last year.
If you were running a year old version of Linux, you wouldn't go ranting and raving about how it is full of exploits would you? No, you'd patch up to the latest.
Actually I don't care about the points as much as the effect they have. I like browsing with Highest scores first. If moderators consistently give points to mindless crap, then what's the use of doing that? With that said, though, my karma comment was merely directed at the off topic stuff that he tossed into his post, not the browser-related comments.
I think your post is a bunch of mindless ranting and highly overrated. I don't usually jump to Microsoft's defense but there is no way your post deserved a 5.
First of all, to the cookie issue: turn off Javascript, OR go into the security settings and disable cookies that are stored on your computer. OR wait a brief moment and Microsoft will have a patch out. OR use any number of 3rd party cookie filtering programs that are out there. Personally I think neither Netscape, nor IE provide sufficient cookie control and management capabilities.
Also, let's keep some perspective and remember that both IE and Netscape have had vulnerabilities uncovered. They both make mistakes, they both fix them. Let's move on.
As to the ILOVEYOU stuff - to the best of my knowledge, you had to click on the.vbs file to activate it. You don't go around running executables do you? So this virus/trojan is nothing more than a case of uneducated users trusting something they shouldn't.
I DO think Microsoft should not allow their script language to poke through your address book. Newbie computer users would be less likely to trust this type of trojan if it wasn't a friend of theirs in the From: field.
The rest of your rant about the trade secrets and UCITA is nothing more than mindless Slashdot karma whoring. *yawn*
I've read alot about shrinkwrap license issues lately. Personally, I don't care for them, but I think companies have the right to include them if they want to. These licenses will generally get more restrictive and accept less responsibility until consumers say enough is enough. Maybe this case will start that trend, if enough corporations hear about it.
Contrary to what/. might tell you, corporations can be affected by shrinkwrap licenses as easily as consumers. Corporations purchase quite a bit of software. Sooner or later, some CTOs are going to say "hey wait a minute -- this license is B.S." Let's use a different product.
When that happens, you can be sure that companies will start competing on that level. Look at the auto industry. They offer WARRANTIES, as opposed to the computer industry which tends to DISCLAIM responsibility. As long as the computer industry is competitive, I think manufacturers will begin to accept more responsibility for their products.
If you get monopoly situations, on the other hand... well - that invites shrink wrap license abuse.
Best regards,
SEAL
actually, a better idea
on
Silicon Hell
·
· Score: 1
Say some anonymous individual decides to separate the technical specifications from the legal garbage, and distribute them on the web.
Obviously this person has violated the click-license agreement. But what happens if Jeremy picks up the stripped specs and implements them? Jeremy has agreed to nothing. So is he accountable? Is there something in the DMCA or other law which would place him in jeopardy?
I used to work at Microsoft, and from the code I saw, there was NO GPLd code being used. Their networking code is largely based on BSD code, which has a more lenient license, as I'm sure you are aware.
Microsoft plays hardball business-wise, but they are also one of the most scrutinized corporations. If some coder decided to use GPL'd code for one of Microsoft's closed products, it is fair to say that he or she probably wouldn't be working there for long.
If the NSA is going to put backdoors in software, or implement other monitoring schemes, it doesn't really matter which nation they are dealing with. They have the ability to subvert entire organizations. So how would France know that the source code matched the binary they were using? Maybe they'll audit each and every line of code, and compile it themselves. But somehow I doubt it.
Consider the NSA "relationship" with Crypto AG, a Swiss company. Just look it up on Google if you're not familiar.
I prefer what Rob pointed out - add code which allows the poster to decide whether or not the post goes into the public domain. Maybe posters on Technocrat.net don't mind sharing their words 99% of the time. But it'd be nice to still post even that 1% where you want to retain ownership.
However, I can't see the logic behind Rob's excuse of "not enough time". I mean c'mon - it's just a single checkbox and one additional field in the database. I've heard all the rumblings about the Slash code being a mess, but... how hard can it be?
... besides it's not like I'm going to spend 15 bucks on a paperback of marginal worth. I'd get more value out of three trips to Taco Bell. So who cares where it's sold?
As the body's water content drops, blood gets thicker, resulting in poorer flow and consequently poorer delivery of oxygen and other needed chemicals to the muscles and brain.
Where did you pull that statistic from?
Consider, for a moment, someone preparing to climb Mt. Everest. He or she spends many months living at around 18,000 feet in order to allow the body to adjust to the altitude. The blood becomes thicker, with these climbers showing around 3x the normal amount of red blood cells. This allows the body to better transport oxygen in an environment where it is scarce.
Yes, water is important, and yes, dehydration is dangerous. But the thickness of your blood is not the primary performance indicator.
Did that sink in? If not - go read it again. The RIAA is a conglomerate of several MAJOR record labels, but that hardly constitutes ALL record labels. Not even close.
Thus, artists on non-RIAA labels would not have to be "going through the RIAA". Similarily, Napster is not stealing from the RIAA. The RIAA has no inherent right to profits of non affiliated labels.
Best regards,
SEAL
seems like it's missing a few things
on
Jet3d Game Engine
·
· Score: 4
I was browsing the features list and notably, there is no OpenGL support. It says it supports Direct3D and Glide, but there's no mention of Linux.
Also, there doesn't appear to be any NURBS support in the renderer. 3D sound positioning is a nice touch but once again... probably Win32 / DirectSound. If it has a software 3D sound capability then that's probably better for Linux anyhow. I'll have to take a look at the CVS repository and get a better feel for it because the features list leaves me with more questions than answers:)
On the bright side, considering their licensing policy, I would expect people to add in some of these features / portability sooner or later.
Thus, while the Federal 6th Circuit Court of Appeals may have ruled that source code is protected speech, that ruling does not change the rules in an area outside that court's jurisdiction.
So in other words, your whole DeCSS attention-mongering post is crap, as others have already pointed out.
If you're curious about the layout of the U.S. Circuit Courts you can go here:
During my days at the U.S. Naval Academy, we pulled off some pretty excellent hacks. Much of the same activity went on as MIT - especially the week before the Army-Navy football game.
However, the best one by far took a year of planning and a huge amount of organization. We stole ALL of Army's mules and brought them back to Annapolis. A difficult feat considering they keep them ON their campus, unlike the Naval Academy.
We definitely didn't want to get caught on that one, considering that Army personnel were subdued and impersonated, amongst other things.
Slashdot Mirror
People aren't even seeing the more serious issue here. If Microsoft implements these so-called Kerberos extensions, reverse engineering them is not what we want to be doing (regardless of legality).
Getting the IETF to make the standard more rigid is a better course of action. It forces Microsoft to adhere to certain rules if they want to claim Kerberos interoperability.
If we start the reverse engineering game with Microsoft, they will have achieved their goal -- defacto control of the Kerberos standard. They will have the ability to modify their extensions at will, thus forcing anyone who requires interoperability (e.g. Samba) to scramble to catch up.
Once Microsoft has you playing catch-up, you're right where they want you. See Netscape for details.
Best regards,
SEAL
I agree here. I'm curious why an incentive is needed at all. Most people, I think, would jump at the opportunity to turn the screws on a spammer. I think we should be concentrating on penalties for spamming, rather than rewards for turning people in.
This seems to work well enough for fax machines; email should be granted the same protection under the law. Email may be harder to trace, but offering rewards isn't going to cure that problem.
But why should we be so suspicious if the misdeed is, in fact, A Bad Thing?
"Why should we be suspicious of the DMCA? No one's going to use it in a way we didn't anticipate, right?" Heh... granted that's an extreme but you see my point.
Best regards,
SEAL
That last sentence really emphasizes the entire dilemma that the game industry faces with regards to Linux. How much effort should we put into widespread game support, if Linux itself is not widespread? Where do we draw the line? (I work in the game industry, so I say "we").
For many programmers, Linux is cool and making a game support it is even better. That's not enough reason for the marketing people, though. They are concerned with the bottom line. When you put 2-3 years into development for a product that stays on the shelf 6 mo - 1 year, you can see why Linux often gets ignored.
I think console games may be Linux's best ally here. Many development shops want to be able to sell their games on the consoles as well as Windows. That alone is reason enough to write portable code, which in turn can make porting to Linux easier. My company does this. No, it's not the royal treatment, but every game has to start somewhere. As long as Windows is the most widespread OS, that's what will be supported first and foremost.
Best regards,
SEAL
Go read my second link up above, and tell me with a straight face that US nuclear power plants have never killed anyone.
SEAL
Don't get me wrong - my personal view is that nuclear power's risks far outweigh the benefits, with a few limited exceptions. I mentioned burners as one possible way to help reduce the amount of waste that has ALREADY been produced. I don't think we should continue running such reactors for the long run, however.
Also keep in mind that a half-life is exactly that: the time it takes for half of the unstable nuclei to decay. It doesn't just "go away". Also, many isotopes decay into other isotopes that are still radioactive. Thus, a burner should have two goals:
- output of isotopes with much smaller half-lives than the original.
- output of isotopes which decay into non-radioactive material.
Best regards,
SEAL
Yes, it is, and it was a major producer of the U.S. plutonium stockpile. Hanford is in Eastern Washington, which isn't terribly close to Microsoft (5 - 6 hour drive). It IS close to the Columbia river, and they have leaked radioactive material into there in the past.
Nuclear power IS risky, and there is no long term solution to waste disposal (yet). Fast breeder reactors, and breeder/burners are one potential solution. But there is great paranoia about diversion of Pu-239 to terrorists. A fast breeder (in a nutshell) can produce Pu-239 (fissionable) from U-238 (waste).
A burner is a little different. This is used to deliberately break large isotopes into smaller ones with shorter half lifes. The U.S. Congress has cancelled most funding for advanced reactor programs, although the DOE's Argonne National Lab still does some research.
Considering some of the half-lifes of certain isotopes (Pu-239 has a half life of 24,000 years or so), just burying it seems to be a ridiculous proposition. I'd much rather see funding put into burner programs which can take care of this waste in a more responsible fashion.
Just my $.02
SEAL
I'll dispute part of that.
A short barreled shotgun, or any shotgun, is good for home defense. A pump action weapon makes noise which may scare an intruder. The spread makes it easier to hit someone in a dark room.
A sawed off shotgun is not necessarily a weapon useful to a militia. though. Due to the decreased range and wide spread, it would not (generally) be a good weapon to use in a team setting. A notable exception would be in clearing a room, but there are other weapons which would accomplish the task as well. Also, in the sort of urban combat that a militia is likely to be involved in, there is a high probability that innocent bystanders will be near. This sort of weapon has little accuracy, and high chance of hitting targets other than the intended one.
Best regards,
SEAL
If a security hole is found that can't be worked around, then yes, wait for a patch. Same thing you would do with Netscape.
Both Netscape and Microsoft IE have had security problems but Slashdot holds Microsoft to a different standard.
Witness an OLD OLD bug:
http://www.ciac.org/ciac/bulletins/i -040.shtml
Sounds familiar, doesn't it? What happened? It got fixed. And this certainly is not the only Netscape bug that has ever surfaced.
Security problems are going to be discovered. Humans make mistakes. The key is to respond to the problems swiftly, and try not to rush products out the door without proper testing. I think both MS and Netscape were guilty of the latter for a long time.
Best regards,
SEAL
Microsoft fixed the problem which allowed scripts to run without clicking them a long time ago.
Being curious, I followed your link. If you take the time to follow the next link (to Microsoft's hotfix), you'd see that it was taken care of last year.
If you were running a year old version of Linux, you wouldn't go ranting and raving about how it is full of exploits would you? No, you'd patch up to the latest.
SEAL
Actually I don't care about the points as much as the effect they have. I like browsing with Highest scores first. If moderators consistently give points to mindless crap, then what's the use of doing that? With that said, though, my karma comment was merely directed at the off topic stuff that he tossed into his post, not the browser-related comments.
SEAL
I think your post is a bunch of mindless ranting and highly overrated. I don't usually jump to Microsoft's defense but there is no way your post deserved a 5.
.vbs file to activate it. You don't go around running executables do you? So this virus/trojan is nothing more than a case of uneducated users trusting something they shouldn't.
First of all, to the cookie issue: turn off Javascript, OR go into the security settings and disable cookies that are stored on your computer. OR wait a brief moment and Microsoft will have a patch out. OR use any number of 3rd party cookie filtering programs that are out there. Personally I think neither Netscape, nor IE provide sufficient cookie control and management capabilities.
Also, let's keep some perspective and remember that both IE and Netscape have had vulnerabilities uncovered. They both make mistakes, they both fix them. Let's move on.
As to the ILOVEYOU stuff - to the best of my knowledge, you had to click on the
I DO think Microsoft should not allow their script language to poke through your address book. Newbie computer users would be less likely to trust this type of trojan if it wasn't a friend of theirs in the From: field.
The rest of your rant about the trade secrets and UCITA is nothing more than mindless Slashdot karma whoring. *yawn*
Best regards,
SEAL
I've read alot about shrinkwrap license issues lately. Personally, I don't care for them, but I think companies have the right to include them if they want to. These licenses will generally get more restrictive and accept less responsibility until consumers say enough is enough. Maybe this case will start that trend, if enough corporations hear about it.
/. might tell you, corporations can be affected by shrinkwrap licenses as easily as consumers. Corporations purchase quite a bit of software. Sooner or later, some CTOs are going to say "hey wait a minute -- this license is B.S." Let's use a different product.
Contrary to what
When that happens, you can be sure that companies will start competing on that level. Look at the auto industry. They offer WARRANTIES, as opposed to the computer industry which tends to DISCLAIM responsibility. As long as the computer industry is competitive, I think manufacturers will begin to accept more responsibility for their products.
If you get monopoly situations, on the other hand... well - that invites shrink wrap license abuse.
Best regards,
SEAL
Why not post them at boot time? ;)
Best regards,
SEAL
Say some anonymous individual decides to separate the technical specifications from the legal garbage, and distribute them on the web.
Obviously this person has violated the click-license agreement. But what happens if Jeremy picks up the stripped specs and implements them? Jeremy has agreed to nothing. So is he accountable? Is there something in the DMCA or other law which would place him in jeopardy?
Just curious,
SEAL
I used to work at Microsoft, and from the code I saw, there was NO GPLd code being used. Their networking code is largely based on BSD code, which has a more lenient license, as I'm sure you are aware.
Microsoft plays hardball business-wise, but they are also one of the most scrutinized corporations. If some coder decided to use GPL'd code for one of Microsoft's closed products, it is fair to say that he or she probably wouldn't be working there for long.
Best regards,
SEAL
However, just because you own a CD doesn't necessarily mean you can store a copy of the same song made from someone else's CD.
This will get shaken out if the RIAA vs. MP3.com thing doesn't get settled out of court.
Best regards,
SEAL
If the NSA is going to put backdoors in software, or implement other monitoring schemes, it doesn't really matter which nation they are dealing with. They have the ability to subvert entire organizations. So how would France know that the source code matched the binary they were using? Maybe they'll audit each and every line of code, and compile it themselves. But somehow I doubt it.
Consider the NSA "relationship" with Crypto AG, a Swiss company. Just look it up on Google if you're not familiar.
Best regards,
SEAL
However, I can't see the logic behind Rob's excuse of "not enough time". I mean c'mon - it's just a single checkbox and one additional field in the database. I've heard all the rumblings about the Slash code being a mess, but... how hard can it be?
Best regards,
SEAL
... besides it's not like I'm going to spend 15 bucks on a paperback of marginal worth. I'd get more value out of three trips to Taco Bell. So who cares where it's sold?
Just in confirmation... here's a link to an article about EPO:
http://216.247.90.253/archive/6649.html
Where did you pull that statistic from?
Consider, for a moment, someone preparing to climb Mt. Everest. He or she spends many months living at around 18,000 feet in order to allow the body to adjust to the altitude. The blood becomes thicker, with these climbers showing around 3x the normal amount of red blood cells. This allows the body to better transport oxygen in an environment where it is scarce.
Yes, water is important, and yes, dehydration is dangerous. But the thickness of your blood is not the primary performance indicator.
Best regards,
SEAL
The RIAA does not control every record label.
Did that sink in? If not - go read it again. The RIAA is a conglomerate of several MAJOR record labels, but that hardly constitutes ALL record labels. Not even close.
Thus, artists on non-RIAA labels would not have to be "going through the RIAA". Similarily, Napster is not stealing from the RIAA. The RIAA has no inherent right to profits of non affiliated labels.
Best regards,
SEAL
I was browsing the features list and notably, there is no OpenGL support. It says it supports Direct3D and Glide, but there's no mention of Linux.
:)
Also, there doesn't appear to be any NURBS support in the renderer. 3D sound positioning is a nice touch but once again... probably Win32 / DirectSound. If it has a software 3D sound capability then that's probably better for Linux anyhow. I'll have to take a look at the CVS repository and get a better feel for it because the features list leaves me with more questions than answers
On the bright side, considering their licensing policy, I would expect people to add in some of these features / portability sooner or later.
Best regards,
SEAL
So in other words, your whole DeCSS attention-mongering post is crap, as others have already pointed out.
If you're curious about the layout of the U.S. Circuit Courts you can go here:
http://www.ll.georgetown.edu/Fed-Ct/
Best regards,
SEAL
During my days at the U.S. Naval Academy, we pulled off some pretty excellent hacks. Much of the same activity went on as MIT - especially the week before the Army-Navy football game.
;)
However, the best one by far took a year of planning and a huge amount of organization. We stole ALL of Army's mules and brought them back to Annapolis. A difficult feat considering they keep them ON their campus, unlike the Naval Academy.
We definitely didn't want to get caught on that one, considering that Army personnel were subdued and impersonated, amongst other things.
Stupid mules
Best regards,
SEAL